change-explainer
Pass
Audited by Gen Agent Trust Hub on May 25, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute local git commands, such as
git status --shortandgit diff, to retrieve context about code changes and untracked files. These operations are restricted to the local repository and serve the primary purpose of the skill. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of deep-analyzing and "teaching" the content of diffs and patches which may come from untrusted sources (e.g., public PRs).
- Ingestion points: Data enters the agent context through
git diffoutput, pasted PR patches, and local file reads (including surrounding code and documentation). - Boundary markers: The instructions do not specify the use of delimiters or provide "ignore embedded instructions" warnings to the agent for the content being analyzed.
- Capability inventory: The agent is authorized to execute shell commands (
git) and read files throughout the repository to build a mental model of the changes. - Sanitization: There is no evidence of sanitization or filtering applied to the retrieved content before it is processed by the agent's reasoning engine.
Audit Metadata